CVE-2017-20213

HIGH

FLIR Thermal Camera F/FC/PT/D Stream <8.0.0.64 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20213. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit describes an unauthenticated and unauthorized live stream disclosure vulnerability in FLIR Systems' thermal cameras. It provides direct URLs to access live video streams without authentication.

Description

FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/42789

View Code ZIP pw:eip

The exploit describes an unauthenticated and unauthorized live stream disclosure vulnerability in FLIR Systems' thermal cameras. It provides direct URLs to access live video streams without authentication.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: FLIR Systems FLIR Thermal Camera (F/FC/PT/D Series) with firmware version 8.0.0.64 and software version 10.0.2.43

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/42789/

Exploit, Third Party Advisory exploit

https://packetstormsecurity.com/files/144323

Issue Tracking third-party-advisory

https://cxsecurity.com/issue/WLB-2017090204

Various Sources vendor-advisory patch

https://web.archive.org/web/20171011125811/https://www.flir.com/security/blog/details/?ID=87043

Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5435.php

Scores

CVSS v3 7.5

EPSS 0.0042

EPSS Percentile 33.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (1)

FLIR Systems, Inc./FLIR Thermal Camera F/FC/PT/D Stream 8.0.0.64

Published Jan 08, 2026

Tracked Since Feb 18, 2026